Skip to main content

Workflow Template: Extract Multiple Observables

Extracts different types of observables such as File Hashes, IP Addresses, IP Range, Email Addresses, Filenames, Hostnames, URLs, and CVEs.

The "Extract Multiple Observables" workflow template is designed to streamline the process of identifying and categorizing various observables from raw text inputs. This tool is essential for threat hunting and threat intelligence enrichment, as it efficiently extracts and groups observables such as file hashes, IP addresses, email addresses, and URLs. It also verifies domain TLDs against the official IANA list, ensuring data accuracy. The workflow can be customized to provide either a consolidated or detailed output, making it a versatile asset in cybersecurity operations.

Optional Triggers

["This workflow is intended to be used as a nested function."]

Use Cases

Function , Threat Hunting , Threat Intelligence Enrichment

Workflow Breakdown

  1. Receives Raw Text as input

  2. Applies multiple Regex to a single text, extracts and groups the results.

  3. Verifies TLDs against IANA TLD official list.

  4. Identify Observable types and subtypes as used in Torq Cases.

Vendors

Scripting, Utils, HTTP, Torq

Workflow Output

List of observables sorted or grouped, by type and subtype.

Tips

  • Set Group Output to True to consolidate all observables or set it to False for a detailed, expanded output.

Did this answer your question?